The present invention generally relates to electronic vendor and/or outlet classification. More particularly, the present invention relates to dynamic vendor and/or outlet classification based on vendor outlet comparison.
In computing, phishing involves an attempt to fraudulently acquire sensitive information, such as passwords and credit card details, by masquerading as a trustworthy person or business in an electronic communication. Phishing is typically carried out using email or an instant message, although phone contact has been used as well.
Most methods of phishing use some form of technical deception designed to make a link in an email (and the spoofed website to which the link leads) appear to belong to the spoofed organization. Misspelled Uniform Resource Locators (URLs) and/or use of subdomains are common tricks used by phishers, such as http://www.sophas.com or http://www.sophos.example.com, rather than http://www.sophos.com. Another common trick is to make the anchor text for a link appear to be a valid URL when the link actually goes to the phisher's site.
An old method of spoofing links used links containing the @ symbol, originally intended as a way to include a username and password in a web link (contrary to the standard). For example, the link http://www.sophos.com@www.phisher.com/ might deceive a casual observer into believing that the link will open a page on www.sophos.com, whereas the link actually directs the browser to a page on www.phisher.com, using a username of www.sophos.com. The page opens normally, regardless of the username supplied. Such URLs have been disabled in Microsoft's Internet Explorer, while the Mozilla and Opera web browsers have opted to present a warning message and give users the option of continuing to the site or cancelling.
A further problem with URLs has been found in the handling of internationalized domain names (IDN) in web browsers, which might allow visually identical web addresses to lead to different, possibly malicious, websites. Phishers have taken advantage of a similar risk, using open URL redirectors on the websites of trusted organizations to disguise malicious URLs within a trusted domain.
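The link tricks described above (misspelled domains, the trusted name used as a subdomain, deceptive anchor text, the @ userinfo form and IDN look-alikes) can each be checked mechanically. The following is an added example, not part of the original text; the function names are hypothetical, the trusted domain is taken from the examples above, and the registered domain is approximated as the last two labels of the host.

```python
from urllib.parse import urlsplit

# Assumption: the brand's legitimate registered domain is known in advance.
TRUSTED = "sophos.com"

def registered_domain(host):
    # Simplification: last two labels; production code needs the Public Suffix List.
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def edit_distance(a, b):
    # Classic Levenshtein distance, computed one row at a time.
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def link_findings(href, anchor_text="", trusted=TRUSTED):
    """Return a sorted list of reasons the link looks deceptive for `trusted`."""
    findings = set()
    parts = urlsplit(href)
    host = (parts.hostname or "").lower()
    reg = registered_domain(host)
    brand = trusted.split(".")[0]
    if parts.username is not None:
        # http://trusted@real-host/ : the text before '@' is only a username.
        findings.add("userinfo-before-host")
    if any(l.startswith("xn--") or not l.isascii() for l in host.split(".")):
        findings.add("idn-label")
    if reg != trusted:
        if brand in host.split(".")[:-2]:
            findings.add("brand-as-subdomain")
        if 0 < edit_distance(reg, trusted) <= 2:
            findings.add("lookalike-domain")
    # Anchor text that itself looks like a URL must point at the same site.
    text = anchor_text.strip()
    if "." in text and " " not in text:
        shown = urlsplit(text if "://" in text else "//" + text).hostname or ""
        if shown and registered_domain(shown) != reg:
            findings.add("anchor-host-mismatch")
    return sorted(findings)
```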
Once a victim visits a deceptive website the deception is not over. Some phishing scams use JavaScript commands in order to alter a browser address bar. Alteration may be done by placing a picture of a legitimate entity's URL over the address bar or by closing the original address bar and opening a new one containing the legitimate URL.
In another popular method of phishing, an attacker uses a trusted website's own scripts against the victim. Cross-site scripting attacks direct a user to sign in at a bank or other service's own web page, where everything from the web address to the security certificates appears correct. In reality, the link to the website is crafted to carry out the phishing attack, although the phishing link is difficult to spot without specialist knowledge. Additionally, tools, such as a Universal Man-in-the-middle Phishing Kit, provide a simple-to-use interface that allows a phisher to convincingly reproduce a website and capture any log-in details entered at the fake site.
Pharming is an attack that aims to redirect a website's traffic to another (bogus) website. Pharming can be conducted by changing a hosts file on a victim's computer or by exploitation of a vulnerability in Domain Name System (DNS) server software. DNS servers are computers responsible for resolving Internet names into their numerical Internet Protocol (IP) addresses. Compromised DNS servers are sometimes referred to as “poisoned”. In recent years both pharming and phishing have been used to steal identity information. Pharming has become a major concern to businesses hosting e-commerce and online banking websites, for example. Antivirus software and spyware removal software cannot protect against pharming.
If a criminal wants to steal someone's account information, he or she can set up a fake website that duplicates the look and feel of a bank or other sensitive website. Phishing may be used to induce victims to divulge sensitive information, such as passwords, PIN numbers or account numbers. However, phishing can be defeated if the victim notices that the Web address or URL does not match the expected name or address. If a criminal hijacks the victim's DNS server and changes the IP address of the target website from its real IP address to the IP address of the fake website, the victim can enter the Web address properly and still be directed to the fake website. While Hypertext Transfer Protocol (HTTP) with Secure Sockets Layer (SSL) protection, referred to as HTTPS, helps protect against such pharming, and a user's Web browser may provide a warning about invalid server certificates, such pharming attacks often occur and result in monetary losses for the victims. Thus, there is a need for improved identification and protection against phishing and pharming attacks.
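The hosts-file form of pharming described above leaves a local artifact that can be audited. The following is an added example, not part of the original text: it parses hosts-file content and reports entries that pin a monitored name to an address outside a known-good set. The function names, the monitored hostname and the documentation-range addresses are assumptions, and the sample file is constructed.

```python
import ipaddress

# Assumption: known-good addresses for monitored names, obtained out of band.
# The hostname and the 192.0.2.x / 203.0.113.x addresses are placeholders.
EXPECTED = {"www.bank.example": {"192.0.2.10"}}

def parse_hosts(text):
    """Yield (line_no, ip, hostname) for every mapping in hosts-file text."""
    for no, raw in enumerate(text.splitlines(), 1):
        # Drop trailing comments, then split "address name [alias ...]".
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        try:
            ip = str(ipaddress.ip_address(fields[0]))
        except ValueError:
            continue  # first field is not an IP address: not a valid mapping
        for name in fields[1:]:
            # Hostnames are case-insensitive; a trailing dot is equivalent.
            yield no, ip, name.lower().rstrip(".")

def pharming_overrides(text, expected=EXPECTED):
    """Return (line_no, name, ip) for monitored names pinned to unexpected IPs."""
    return [(no, name, ip) for no, ip, name in parse_hosts(text)
            if name in expected and ip not in expected[name]]

# Constructed sample hosts file: line 3 hides the override among aliases.
SAMPLE_HOSTS = """\
127.0.0.1   localhost
# constructed sample
203.0.113.66  intranet.example WWW.Bank.Example  # unexpected entry
192.0.2.10  www.bank.example
"""

if __name__ == "__main__":
    for no, name, ip in pharming_overrides(SAMPLE_HOSTS):
        print(f"line {no}: {name} is pinned to unexpected address {ip}")
```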
Page hijacking is a form of spamming an index of a search engine (also known as spamdexing). Page hijacking may be achieved by creating a rogue copy of a popular website which provides contents that are similar to the original site to a web crawler but then redirects web surfers to unrelated or malicious websites. Spammers can use this technique to achieve high rankings in result pages for certain key words. Page hijacking is a form of cloaking, made possible because some web crawlers detect duplicates while indexing web pages. If two pages have the same content, only one of the URLs will be kept. A spammer will try to ensure that the rogue website is the one shown on the result pages.
Detection of fake, rogue and/or otherwise malicious websites is currently being done by human review and simple, automated bots or programs looking at outlet details. Thus, there is a need for systems and methods for improved detection and classification of fake, rogue and/or otherwise malicious websites. There is a need for dynamic detection and classification of malicious vendor outlets and malicious vendors providing one or more outlets to a customer.